Recently my team was working to integrate Brakeman into our CI processes to automatically scan our codebase for security vulnerabilities. Among a few other issues, it identified a handful of XSS vulnerabilities that all followed the same pattern:
This is a pretty straightforward vulnerability, since passing "; alert(1); " for whatever will result in the code being rendered as var FOO = ""; alert(1); "";, which isn’t good.
The fix isn’t so simple. I’ve searched high and low and couldn’t find a single source that had the correct solution to the problem. So here it is…
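The pattern the post describes, reproduced as an added example that is not the post's own code and not necessarily the fix its author arrived at: `unsafe_js_assignment` drops the value straight into a JavaScript string literal, exactly as an ERB line like `var FOO = "<%= raw whatever %>";` would, so the payload from the post breaks out of the literal. `safe_js_assignment` instead emits the value as a JSON literal and then escapes the characters that still matter inside an inline `<script>` block (`<`, `>`, `&`, and the U+2028/U+2029 line terminators), mirroring what ActiveSupport's JSON encoder does in Rails. The function names, the payload constant and the ERB usage noted below are assumptions made for this example; it runs with plain Ruby and the standard `json` library.

```ruby
require 'json'

# Constructed payload from the post: closes the string literal, then
# injects a statement.
PAYLOAD = '"; alert(1); "'.freeze

# Vulnerable pattern: raw interpolation into a JS string literal. This is
# what the post's template does and what Brakeman flags.
def unsafe_js_assignment(name, value)
  %(var #{name} = "#{value}";)
end

# Characters that are harmless in JSON but dangerous inside an HTML
# <script> element (a literal "</script>" ends the element regardless of
# JS string boundaries) or that JavaScript treats as line terminators.
# Hash values are used verbatim by gsub, so '\u003c' stays a literal
# six-character escape sequence that the JS parser will decode.
SCRIPT_UNSAFE = {
  '<'      => '\u003c',
  '>'      => '\u003e',
  '&'      => '\u0026',
  "\u2028" => '\u2028',
  "\u2029" => '\u2029',
}.freeze

# Serialise any Ruby value to a JavaScript literal that is safe to embed
# in an inline <script> block. Strings come back with their own quotes,
# so the template must NOT add quotes around the result.
def js_literal(value)
  value.to_json.gsub(/[<>&\u2028\u2029]/, SCRIPT_UNSAFE)
end

# Hardened pattern: the whole right-hand side is produced by js_literal.
# In ERB this corresponds to:  var FOO = <%= raw js_literal(whatever) %>;
def safe_js_assignment(name, value)
  "var #{name} = #{js_literal(value)};"
end

if __FILE__ == $PROGRAM_NAME
  puts unsafe_js_assignment('FOO', PAYLOAD)   # statement injected
  puts safe_js_assignment('FOO', PAYLOAD)     # stays a single string
  puts safe_js_assignment('FOO', '</script><script>alert(1)</script>')
  puts safe_js_assignment('CONFIG', { 'debug' => false, 'ids' => [1, 2] })
end
```

Two design points worth noting. First, the JSON route works for hashes, arrays and nil as well as strings, so one helper covers every value a template might hand to JavaScript, whereas Rails' own `escape_javascript` (aliased `j`) is meant for a value that sits inside quotes you write yourself. Second, the extra `<`/`>`/`&` escaping is what makes the output safe in an inline script rather than merely valid JSON; plain `to_json` from the standard library leaves `</script>` intact.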